1. Field of the Invention
This invention relates to a method and an apparatus for testing a biometric feature.
2. Description of Related Art
Biometric features are used for, among other things, identifying or verifying entitled persons in connection with access controls and the performing of monetary transactions. With the aid of biometric features one can ensure for example that a data carrier, such as a smart card, to be used for the abovementioned controls or transactions can be used only by the entitled person, i.e. only the entitled person is granted access or can perform the transaction. For this purpose a biometric feature such as a fingerprint, voice sample or design of the eyeground, etc., is detected by measuring technology before the data carrier is enabled for use, and only in the case of a positive comparison of the measured values with reference values stored on the data carrier is the access or transaction with the data carrier enabled. The data carrier is normally used in connection with a terminal with which the data carrier communicates. Comparison of the biometric data detected by measuring technology with stored reference values can fundamentally be effected both in the data carrier and in the terminal. Since biometric measuring data are frequently very extensive, and the evaluation of such data also involves complex arithmetic operations, one requires high computing power and a lot of storage space. These requirements cannot, or not readily, be met by data carriers available today, so that the evaluation of biometric measuring data is normally performed in the terminal and the data carrier serves only to store the reference values.
Such a terminal is known from DE 44 39 593 C2. This document discloses an access control apparatus having a microphone for speech recognition and a reading device for smart cards. A speech sample is taken using the microphone and reduced to typical speech parameters in a speech analysis unit. The speech parameters are compared in an evaluation unit with reference values stored on the smart card and transferred from the smart card to the access control device for the purpose of comparison. A disadvantage of this known device is that the reference values stored on the smart card are transmitted outside so that there is a danger of unauthorized third parties gaining knowledge of said reference values.
It is further known from DE 44 39 593 C2 that the access control apparatus passes speech parameters determined from a speech sample to the smart card and the smart card compares the transmitted speech parameters with stored reference values. This procedure has the advantage that the stored reference values do not leave the smart card so there is no danger of unauthorized third parties intercepting them. However, since the measured values for the speech parameters rather than the reference values for the speech parameters must now be transferred between the device and the smart card, there is a danger of the measured values rather than the reference values being intercepted by an unauthorized third party. If an unauthorized third party has knowledge of the authorized user's measured values, this is just as serious as if he has knowledge of the reference values.
The invention is based on the problem of stating a method and an apparatus for testing a biometric feature which offers a very high security standard while being realizable with tolerable effort.
To ensure optimal protection from unauthorized use of the data carrier, it is necessary for the testing of the biometric feature to be performed by the data carrier itself and not by the terminal with which the data carrier communicates in the course of its proper use. There is a problem, however, insofar as the sensor or sensors for detecting the biometric feature are normally mounted on the terminal so that the measured values must be transferred from the terminal to the data carrier. A further problem is that the computing and storage capacities of currently used data carriers, e.g. smart cards, usually do not suffice for performing a reliable comparison with reference values starting from the measured values of the biometric feature within an acceptable time.
The invention solves these problems in that, firstly, all security-relevant operations are performed within the data carrier and computing-intensive operations are swapped out unless security is impaired, and, secondly, the data carrier specifies which data are transmitted from the terminal to the data carrier in which form in this swap. Instead of sending the complete set of measured values to the data carrier each time, the terminal performs a pre-evaluation of the measured values, thereby also performing a link between temporary results obtained from the measured values and data transmitted to the terminal from the data carrier. Only the result of this link is then transmitted from the terminal to the data carrier, which can then ascertain with relatively little effort from these link results whether the biometric feature detected by measuring technology comes from an authorized user.
Swapping computing-intensive and security-irrelevant operations from the data carrier to the terminal thus has the advantage that most of the computing effort occurs in the terminal, which can be accordingly equipped therefor, and only a fraction is left for the data carrier itself, without lowering the security standard. Further, the link of measured values with data of the data carrier before transfer from the terminal to the data carrier has the advantage of essentially impeding attempts at manipulation by means of intercepted data. For example, the data carrier can systematically or randomly vary its specifications for the link, thereby preventing manipulation by rerecording the intercepted link results. In particular, the data carrier can also select a varying subset of the pre-evaluated measured values so that a potential attacker could always gain knowledge of only part of the measured values, and possibly furthermore does not know which particular part was selected by the data carrier.
To better illustrate the invention, it will be explained in the following with reference to the biometric feature "fingerprint" for a system comprising a smart card and a terminal. The described example is only one of many possible realizations. The invention can be used just as well for any other biometric features, such as speech, eyeground, etc. Furthermore, the details of realization, e.g. which characteristics of the biometric feature are selected and how these characteristics are represented and evaluated, can vary within wide limits.
According to the inventive method a fingerprint is first detected by measuring technology and the characteristics of the fingerprint determined from the measured values by a suitable extraction function. The characteristics can consist for example of coordinates and the kind of minutiae of the fingerprint. The minutiae are characteristic points or shapes, etc., of the fingerprint lines, such as branchings or end points thereof. The smart card specifies to the terminal e.g. the coordinates of the minutiae determined from the measured values for which the kinds of minutiae are to be evaluated. The terminal thereupon links the specified coordinates with the minutiae data material determined from the measured values, determines therefrom the kind of minutiae determined at the specified coordinates, and passes the result to the smart card. The smart card tests the transmitted minutiae data and ascertains whether the biometric feature comes from an authorized user. This test can be done for example by comparison with reference values previously stored on the smart card.
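The exchange described above can be sketched in code as an added illustration, which is not part of the original disclosure. The class names, the minutiae values, the acceptance threshold and the single-use handling of each challenge are assumptions, and the measured minutiae are constructed to lie at exactly the reference coordinates.

```python
import secrets

# Constructed sample data: reference minutiae as {(x, y): kind}.
REFERENCE = {(12, 40): "ending", (33, 18): "bifurcation", (47, 52): "ending",
             (58, 9): "bifurcation", (71, 66): "ending", (80, 30): "bifurcation"}


class SmartCard:
    """Data carrier: stores the reference values and does the comparison."""

    def __init__(self, reference, subset_size=3, min_matches=3):
        self._reference = dict(reference)
        self._k = subset_size
        self._min = min_matches      # assumed acceptance threshold
        self._pending = None         # coordinates of the open challenge

    def challenge(self):
        # The card specifies a randomly varying subset of coordinates.
        rng = secrets.SystemRandom()
        self._pending = rng.sample(sorted(self._reference), self._k)
        return list(self._pending)

    def verify(self, response):
        # A challenge is single-use (assumption), so a recorded response
        # is useless once the card has issued a different subset.
        pending, self._pending = self._pending, None
        if pending is None or [c for c, _ in response] != pending:
            return False
        matches = sum(self._reference[c] == kind for c, kind in response)
        return matches >= self._min


class Terminal:
    """Holds the sensor; pre-evaluates measured values into minutiae."""

    def __init__(self, measured):
        self._measured = dict(measured)

    def respond(self, coords):
        # Link the card's coordinates with the extracted minutiae and
        # return only the kinds found at those coordinates.
        return [(c, self._measured.get(c, "none")) for c in coords]


def run_session(card, terminal):
    return card.verify(terminal.respond(card.challenge()))


if __name__ == "__main__":
    card = SmartCard(REFERENCE)
    print("genuine finger accepted:", run_session(card, Terminal(REFERENCE)))
```

Only the kinds at the requested coordinates cross the interface, so an eavesdropper sees at most the selected part of the measured values in any one session.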
Advantageous designs and developments of the invention will be described in the following with reference to the embodiments shown in the drawing, in which: